The present invention relates to a knowledge processing system for risk assessment and analysis.
Risk management is an important consideration for any organization. However, potential risks fall into a very diverse array of categories, including risks relating to information technology (e.g., computer viruses, hackers, etc.), risks relating to physical facilities (e.g., fire, flood, earthquake, burglary, etc.), as well as legal risks (e.g., failure to comply with regulatory requirements). In addition, measures that can be taken to mitigate potential risk can frequently overlap and protect against multiple risks, even across different categories. For example, a security system added to protect a file or web server from physical attacks can protect against hackers gaining physical access to the server, mitigating an information technology risk, as well as protect against burglaries, mitigating a physical facilities risk.
However, different individuals and divisions within an organization are typically responsible for the different risks that the organization faces. For example, the legal division of an organization might be concerned with regulatory risks, while the information technology department is concerned with information technology risks. Ordinarily, information is not readily shared between these divisions, making it difficult to manage the total risk of an organization, as well as determine the most effective projects that can be undertaken to reduce risk across the entire organization.